VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 1, 2010· Updated Apr 29, 2026

CVE-2010-2125

CVE-2010-2125

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

Affected products

25
  • Systemseed/Rotor25 versions
    cpe:2.3:a:systemseed:rotor:5.x-1.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:systemseed:rotor:5.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:5.x-1.x:dev:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-1.x:dev:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:systemseed:rotor:6.x-2.x:dev:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.